Cybersecurity and SD-WAN Get Tighter

Digitalpadlock 1

By: R. Scott Raynovich

Here's one of the takeaways I got from the NetEvents Global IT conference last week in San Jose: Cybersecurity and software-defined wide-area networking (SD-WAN) technology will continue their inexorable trend toward tighter integration.

SD-WAN suppliers are morphing into cybersecurity vendors. Firewall and security vendors are either partnering with SD-WAN suppliers or touting their own SD-WAN functionality. And a new category of cloud-powered SD-WAN providers is emerging to meet all of the the needs of both markets.

It makes sense. SD-WAN is growing in popularity because it abstracts networking applications away from hardware -- enabling managers to build and control networks using a cloud architecture. Cybersecurity applications, including networking security, are increasingly migrating to the cloud as well. Depending on how you think of this, SD-WAN can be a delivery platform for a range of new networking applications, including cybersecurity applications.

Who loses in this paradigm? Well, anybody that just wants to sell branch router hardware, for one. Routing and cybersecurity functionality are now becoming baked into the SD-WAN product portfolio. In addition, hardware-oriented firewall suppliers that don't take their story to the cloud are going to have trouble as well.

Picking on Cisco

This cloud-versus-hardware story is easy to follow. Smart players such as Fortinet have used it to pivot their firewall business to the SD-WAN story. Fortinet has announced an SD-WAN product and is evolving its firewall story there. It recently inked a deal with Telenor of Sweden to supply SD-WAN infrastructure. Others, such as Juniper Networks, appear slower to adapt. (Author's note: That is just my opinion.)

Cisco saw the the SD-WAN threat coming soon and bought one of the hottest SD-WAN players, Viptela, in 2017. But a few years later, Cisco is still geared largely to hardware sales, rather than a software pure play. Many SD-WAN buyers tell Futuriom that Cisco's challenge is that it pitches expensive SD-WAN solutions that include Cisco hardware.

Of course, Cisco has a different take. It's trying to shift to be more of a software player. When Prashanth Shanoy, VP of Marketing for Enterprise Networking, Cisco, and Kelly Ahuja, CEO, Versa Networks, both popped up on an SD-WAN panel last week at NetEvents -- we all thought it could be some fun!

Ahuja was happy to poke some fun at Cisco. "Most companies are delivering hardware-defined WAN," he said, with a not-so-subtle dig at his panel neighbor and former employer, Cisco.

Shanoy didn't really take the bait. But he did point to the cloud trend. "The whole reason why SD-WAN even exists today is because of the emergence of cloud, right? So if cloud didn't take over and public cloud and SaaS applications, you wouldn't truly need SD-WAN."

"Embrace the overlay" was the general theme, though this is harder for some companies than others.

Both Cisco and Versa appear to agree, however, that SD-WAN also means delivering security with the network overlay.

SD-WAN Seen as a Security Play

Futuriom end-user studies have also confirmed that many end users see better security as a major gain in their jump to SD-WAN. Many SD-WAN platforms come with cybersecurity and network visibility applications, giving network and IT managers more control over what's happening on their networks. (See chart below.)

Sd Wan Security Drivers

Many of the SD-WAN vendors already know this as well. The major players are now focusing on security features as well as networking (see the Futuriom SD-WAN Growth Report for a full list of the major vendors in the market). There are even more if you believe it -- with upwards of 40 suppliers having announced SD-WAN products. The SD-WAN vendors are also lining up deals with major networking vendors such as Palo Alto Networks and Zscaler to have third-party cybersecurity apps pre-built into their SD-WAN offerings.

While many SD-WAN vendors have stressed partnership with "best-of-breed" apps, two SD-WAN vendors in particular -- Cato and Versa -- have taken a different tack by building their own native security apps.

As security and SD-WAN become increasingly intertwined, research and testing firms are now recognizing the SD-WAN vendors for their security features. For example, Versa Networks was recently given the "Recommended" rating in the NSS Labs 2019 Next Generation Intrusion Prevention Systems (NGIPS) Group Test. And Cato was recently featured as a "sample vendor" in an entirely new category created by Gartner called Secure Access Service Edge (SASE). Gartner says Cato meets the feature requirement for SASE, which includes the following characteristics:

  • Identity-driven: Product is aware of user, and resource identity, beyond an IP address, determines the networking experience and level of access rights. Route selection and risk-driven security controls are driven by identity.
  • Cloud-native architecture: The SASE architecture leverages key cloud capabilities, including elasticity, adaptability, self-healing, and self-maintenance.
  • Supports all edges: SASE creates one network for all company resources, whether data centers, branch offices, cloud resources, and/or mobile users.
  • Globally distributed: The SASE cloud must be globally distributed.

The integrated security strategy presented by Cato and Versa will also be compelling for those who want to buy the whole package from one supplier. But the "best-of-breed" security strategy pitched by the likes of Aryaka, Silver Peak, and others is also viable. Some enterprise buyers will want to stick with the security tools they have and further integrate them into the network with SD-WAN. And SD-WAN, as a network applications orchestration platform, is a sensible way to service-chain virtual firewall and cloud cybersecurity apps such as intrusion detection system (IDS).

So, this explains in part why everybody is excited about the SD-WAN market -- it's several networking and security markets in one, all delivered from the cloud. The SD-WAN suppliers want to be cybersecurity and firewall vendors. The firewall vendors want to be SD-WAN suppliers. The losers appear to be router suppliers. In the end, it's lots of new choices that will be good for the buyer. And we get to watch this interesting networking cybersecurity chess match play out.

Analysis of market trends and the major players in the SD-WAN landscape are all included in Futuriom's 2019 SD-WAN Growth Report. Companies included: Aryaka Networks, Cisco Systems, Cato Networks, Citrix Systems, CloudGenix, Fatpipe Networks, Fortinet, Juniper Networks, Nuage Networks (Nokia), Silver Peak, Versa Networks, VMware.